Guides

Authentication

Suggest Edits

Obtaining Client Credentials

See the docs on obtaining credentials to provision required credentials. The provided client id and client secret will be used to retrieve an access token for authorizing requests to the Breezeway platform.

Generating Access and Refresh Tokens

To generate your access and refresh token, perform a POST call to the auth endpoint with your client credentials using an application/json content type.

curl --request POST \
     --url https://api.breezeway.io/public/auth/v1/ \
     --header 'accept: application/json' \
     --header 'content-type: application/json' \
     --data '
{
  "client_id": "<YOUR_CLIENT_ID>",
  "client_secret": "<YOUR_CLIENT_SECRET>"
}
'

The Breezeway platform will respond with an access token and refresh token.

{
  "access_token": "<YOUR_JWT_ACCESS_TOKEN>",
  "refresh_token": "<YOUR_JWT_REFRESH_TOKEN>"
}

The tokens return are JSON Web Tokens (JWTs). Access tokens have a 24-hour lifetime and can be used to authenticate as many requests as needed during that time.

Request Authentication

To authenticate requests to the various Breezeway platform APIs, the access token must be provided in the request header Authorization and must include the scheme JWT as a prefix to the access token. Note the prefix in the following example request.

curl --request GET \
     --url https://api.breezeway.io/public/inventory/v1/property \
     --header 'Authorization: JWT <YOUR_ACCESS_TOKEN>' \
     --header 'accept: application/json'

Refreshing Access Tokens

Access tokens have a 24-hour life and must be refreshed to ensure continued authorization of requests. To refresh tokens, a POST call must be made to the refresh endpoint, using the refresh token obtained previously. As with other requests, the token must be prefixed with JWT.

curl --request POST \
     --url https://api.breezeway.io/public/auth/v1/refresh \
     --header 'Authorization: JWT <YOUR_REFRESH_TOKEN>' \
     --header 'accept: application/json'

The Breezeway platform will respond with new tokens.

{
  "access_token": "<YOUR_NEW_ACCESS_TOKEN>",
  "refresh_token": "<YOUR_NEW_REFRESH_TOKEN>"
}

Refresh tokens have a 30-day lifetime. Each call to refresh an access token provides a new refresh token. If your refresh token expires, new tokens can be generated by following the steps outlined above in Generating Access and Refresh Tokens.


Rate Limits

Endpoints to generate access token and refresh token have a rate limit of 1 req/min. As these token are valid for 24 hours, there is no need to make requests for each request.

When the rate limit is hit, we will return HTTP status 429, and information about when the limit expires will be provided in both the header and the response body.

Updated 4 months ago